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Introduction 


Parallels® Remote Application Server is an application delivery and virtual desktop solution. It extends Microsoft® 
Windows Remote Desktop Services by providing centralized management, universal printing, and remote access to 
Windows® Terminal Services-based applications from virtually any device. The solution also includes a built-in, hypervisor 
agnostic, Virtual Desktop Infrastructure (VDI) solution. 


Application delivery and VDI solutions traditionally can be challenging to set up and manage. Design and implementation 
can take weeks or even months. In contrast, Parallels Remote Application Server can be installed in days or even hours, 
providing a quicker return on your investment and an easier path to realizing the benefits of remote desktop computing. 


This document describes the best practice guidelines for deploying and configuring Parallels Remote Application Server 
v15.5. 

Audience 

Used in conjunction with the Parallels Remote Application Server Modular Reference Architecture, these documents 
provide basic best practice guidance for companies looking to leverage Parallels and Microsoft cloud technologies to 
deliver a state-of-the-art solution for their users. Additional information about Azure can be found here. 

Use Case Scenarios 


Your business plans to leverage Microsoft and Parallels Remote Application Server to deliver a hosted desktop solution 
for its accounting department. The solution will provide value to the department by enabling access to Windows 
desktops and applications from any device. The value of this solution for businesses is most evident in the ability to 
quickly bring new desktop services online through a subscription to Azure infrastructure services 


Business Objectives 

e Provide secure access to desktops and applications for the accounting team 

e Avoid the need to build new infrastructure within private deployments and Azure deployments 
e Ability to distribute Remote Application Server load between datacenters 

e Enable cloud and hybrid load balancing. 

e Ability to integrate with Azure Global Load-Balancer 


e Resource elasticity leveraging Azure 


30-day Trial or POC (All Azure Deployment) 


A 30-day trial or POC can be started at any time from Azure Marketplace using this link. 


Why Azure Solutions Products Documentation Pricing Partners Blog Resources Support 


Marketplace > Virtual Machines > Parallels Remote Application ALL-In-ONE 


Parallels Remote Application ALL-In-ONE 


|| Parallels by Parallels Inc. 


Create Virtual Machine 
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New > RASALLINONE (Staged) Jo, (9 o O O  “ssOparallelscom M 


PARALLELS INC. UND 


RASALLINONE (Staged) x _ OS 


Bring Your Own License enabled. 


Easy to Use, Flexible, and Secure 


$ Parallels Remote Application Server is a comprehensive virtual application and desktop delivery solution that allows your employees to use and access applications and data 
from any device. Seamless and easy to deploy, configure, and maintain, Parallels RAS supports both Microsoft RDS and Azure Cloud. 
ei Brilliant mobile experience 
> Provide your employees with access to desktop applications as if they were native applications on iOS and Android devices. With Parallels unique Applification TM 


technology, employees can use the native touch gestures of mobile devices—swipe, drag, tap to click or zoom—to interact with any remote Windows application on both 
smartphones and tablets, making them productive on the go. 


Application delivery 


Deliver applications with a rich, high-performance RemoteFX experience supported by OpenGL 4.4, providing every virtual machine its own GPU driver for VDI deployments. 
Simultaneously run several application sessions across all devices—from smartphones, to tablets, laptops, and desktops. 


DasallalaDamanta Amalination Cama tall in anat ammliomantnnn all amma mama imaballadandaoanablsaadoetcdeuafeese POAT amd Seel Y la DD nal inanan Thin 


Select a deployment model O 


Want to deploy programmatically? Get started > 


For the VM offering, make sure you use “allinone”, create a “testuser” account (please use your own password), and 
choose the location you want to deploy. 


New > RASALLINONE (Staged) > Create virtual machine > Basics 


Create virtual machine — D X Basics 


* Name 


allinone 


VM disk type O 
SSD 


* User name 
testuser 
* Password 
* Confirm password 
Subscription 
5 Demo_Testing v 


* Resource group @ 


Create new @ Use existing 


Demo 


Location 


East US 
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Select Azure Service Offering. We recommend DS2_V2 for POCs: 


Create virtual machine _ a 


x 


Choose a size 


1 Basics eg DS1_V2 Standard DS2_V2 Standard DS3_V2 Standard 
Done 1 Core 4 Cores 
s 
3.5 GB 14 GB 
Size 2 4 8 
o > =. OPERA AA Bag pn 
= “3 3200 6400 “3 12800 
sa Max 1OPS Max IOPS Max 10PS 
= 7GB O 14 GB E? 28 GB 
o 3 lo Local SSD Be Local SSD Be Local SSD 
} Load balancing } Load balancing } Load balancing 
e 
©) Premium disk support ¿2 Premium disk support E2 Premium disk support 
+ 4 
r 
oading pricing Loading pricing Loading pricing 
5 DS4_V2 Standard DS11_V2 Standard DS12_V2 Standard 
À 8 Cores 2 Cores 4 Cores 
28 GB 14 GB 28 GB 
16 4 8 
= Data disks Data disks = Data disks 
“3 25600 6400 =æ 12800 
Max 1OPS Max 1OPS Max 10PS 
= 56 GB = 28 GB = 56 GB 
+ WB Local ss Ver? BB Local Ep 
hn 7 he 


Use default settings for Networking at this point. If you have RAS rules created, use them instead. That is covered in the 
next chapter of this guide. 


Create virtual machine Settings 


1 Basics Y Storage 
: Done * Storage account @ 
demodisks765 
rS 2 Size Y 
Done Network 


* Virtual network O > 
Settings 
9 S > Demo-vnet 
Configure optional features 
e * Subnet @ 


4 default (10.1.0.0/24) 


* Public IP address @ 


(new) allinone-ip 
5 * Network security group (firewall) @ 


(new) allinone-nsg 


Extensions 


Extensions @ 


No extensions 
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Review Validation settings and click OK. 


Done 


Size 
Done 


Settings 
Done 


Summary 
RASALLINONE (Staged) 


Summary 


O Validation passed 


Basics 

Subscription Demo Testing 
Resource group Demo 
Location East US 
Settings 

Computer name allinone 

Disk type SSD 

User name testuser 

Size Standard DS2 v2 
Storage account demodisks407 
Virtual network Demovnet880 


Subnet default (10.1.1.0/24) 
Public IP address (new) allinoneip424 
Network security group (firewall) (new) allinonensg474 


Availability set None 
Guest OS diagnostics Disabled 
Boot diagnostics Enabled 


Diagnostics storage account demodiag696 


Remote Application Server is using a bring-your-own-license (BOYL) model and only Azure Infrastructure Services will be 
charged. Parallels Remote Application Server licenses can be acquired at parallels.com. 


Create virtual machine 


Purchase 


2 Size 


Basics 
Done 


Done 


3 Settings 


Done 


4 Summary 


RASALLINONE (Staged) 


5 Buy 


|| Parallels 


Offer details 
Parallels Remote Application ALL-In-ONE 0.0000 USD/hr A 
by Parallels Inc 
Terms of use | privacy policy 
Standard DS2 v2 0.1400 USD/hr Li 


by Microsoft 
Terms of use| privacy policy 


Pricing for other VM sizes 


A The highlighted Marketplace purchase(s) are not covered by your Azure credits, and will 
be billed separately. 
You cannot use your Azure monetary commitment funds or subscription credits for these 
purchases. You will be billed separately for marketplace purchases. 


Q Azure resource 
You may use your Azure monetary commitment funds or subscription credits for these 
purchases. Prices presented are retail prices and may not reflect discounts associated with your 
subscription. 


Terms of use 


By clicking “Purchase”, | (a) agree to the legal terms and privacy statement(s) associated with each 
Marketplace offering above, (b) authorize Microsoft to charge or bill my current payment method for 
the fees associated with my use of the offering(s), including applicable taxes, with the same billing 
frequency as my Azure subscription, until | discontinue use of the offering(s), and (c) agree that 
Microsoft may share my contact information and transaction details with the seller(s) of the 
offering(s). Microsoft does not provide rights for third-party products or services. See the Azure 
Marketplace Terms for additional terms. 
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The following message will be displayed once provisioning is completed: 


x 
Li Deployments succeeded 8:23 AM 


Deployment to resource group "Demo was successful 


To access the VM created, click on Connect using the following credentials: 


Username Password 


ras R@s2017! 


Hybrid Deployment (On Premise and Azure) 


Leveraging Microsoft Azure capabilities, Remote Application Server supports the use case where backend services such 
as Active Directory® (AD) are either deployed on premise or using Azure. Therefore, Microsoft Office 365, Azure AD, and 
SQL server mixed with Federation Services are supported. Parallels Remote Application Server hosted on Azure consists 
of a small number of components: 


e Publishing Agent (Controller) 

e Hosted Shared workers (Session Isolation) 

e Server VDI Workers (VM/Server Isolation) 

e Azure Active Directory Services or local AD Controller (for failover purposes) 
e An Azure local SQL Server VM Instance (for reporting) 

e Corporate network and Azure must be connected via Site-to-Site VPN. 


NOTE: All roles are supported in Azure, and the final architecture may vary depending on how much Azure will be 
utilized. Additional information about Remote Application Server requirements can be found in the Solution Guide. 
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Endpoint Access Using On-premise 


|| Parallels 


Azure 
EE 
| 
| 
S V 
\ Azure SCG_ A i 
| 1 
= 1 RDS Host 
== SS ï 
| a ï 
| = I eg 
| I Y 8 
d --} / 
I I è. a Y 
l ï 
i ï 
I Backup PA Ï 
l I 
| A 
l l | 
h l ; 
i ! | 
End user traffic PA Load Balancer | Site-to-Site VPN 
I 
1 
On Premise i 
I 
1 
| 
L 


r 
| 
l 
+ 
l 
l 
l 
l 
l 
l 
l 
l 
l 
l 
l 
1 


SCG 


Secondary 
SCG 


A Re 


Master PA 


Remote 


VDI 
Desktop 


RDS Host 
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Endpoint Access Using Azure 


Azure 


le] 
=< 
O 


Firewall HALB 


Backup PA 


==3= aa => === 


End user traffic 


l 
| 
D 
I 
| 
| 


PA Load Balancer 


Site-to-Site VPN 


On-Premise 


| 


E & 


| 
Sy i Remote A 
I PC End 
= 2 i User 
Primary > 224 al 
SCG 7 d [FEY ON 
i D [4] » 
Master PA | 
rá i D 22 AD, 
eege S ! esktop DNS, 
basa File 
TS Server 
Secondary 
SCG 
RDS Host 
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Multisite 


Azure 


l 
I I 
H $ | RDS Host 
ï N 1 
I Su I 
Í Azure SCG ZS ay 
/ 
8 [T D 
> --+020----+| / eg 
Së O ; / Azure 
dë Firewall HALB / BackupPA | AD 
1 / I 
i i / aooo! 
ï == I 
| 
i 1 i 
2 Azure SCG : 4 
HTML / l I 
/ l I 
e / - + 
ds ÉS =t 1 I 
> = 2 i ! 
I 4 A 
GEESS e = = PA Load Balancer | Site-to-Site VPN 
Ga h I 
ar = I 
E \ H h 
EP Global Load Balancer ! r 
P \ On Premise l I 
\ ee 
` i L i 
i | I I 
` 
Y ! 1 
` 1 . PARRA 
Kä l ï 
\ Ge ` l 1 
l SR, v | Remote E 
K f "e ! PC End 
\ i "Ze I User 
\ i Primary WE Bä = 
\ ¿O SCG Y A 
--=0=0__ — X 1 = <> 
So I á Master PA | 
Firewall HALB i d Wu AD 
irewal | £ 
A / Desktop DNS, 
L ! File 
Së I 
o Server 
Secondary 
SCG 
RDS Host 


Server Components 


Master Publishing Agent 
Component Installed Installation Method 
Parallels Publishing Agent Windows Installer (standard installation) 


Backup Publishing Agent 


Component Installed Installation Method 


Parallels Publishing Agent Push installation 


Primary Parallels Secure Client Gateway 
Component Installed Installation Method 


Parallels Secure Client Gateway, Push installation 
including HTML5 Gateway 
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Parallels Secure Client Gateway, Push installation 
including HTML5 Gateway 


Secondary Parallels Secure Client Gateway 
Component Installed Installation Method 


Microsoft Remote Desktop Services Server 
Component Installed Installation Method 


Parallels Terminal Server Agent Push installation 


Parallels VDI Agent Push installation or 
Parallels Guest Agent Virtual Appliance 


Hypervisor Host with VDI Desktops 
VDI Component Installed Installation Method 


High Availability and Load Balancing Virtual Appliance 
Component Installed Installation Method 


Ready-to-use virtual appliance Virtual Appliance 


For end user access, a couple of options should be considered: 


A. Existing customer end users can continue to use an existing URL (or gateway access) to leverage hybrid cloud 
deployment from an existing on-premise network and can also add additional failover gateways from Azure Internet 
inbound networks. 


B. New customer end users can receive inbound traffic through Azure and use on-premise deployments later on. 
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Virtual Machine Requirements in Azure 


VM Role CPU Disk Requirements 


OS 
NB Windows Server® 
Publishing Agent 2012, 2012 R2/2016 2 vCPUs 
Windows Server® 


Terminal Server/RDS/ Windows Server® 
Application Servers | 2012, 2012 R2/2016 = 16 GB Depends on use case 
EES Debian 2 vCPUs 4 GB 10 GB 
Gateways 


Virtual Machine Requirements On-premise 


VM Role OS Disk Requirements 


Windows Server 
Publishing Agent 2003SP1, > Windows 
Server 2016 
Windows Server 
Server 2016 


GB 
: Windows Server 
Va tha 2003SP1, > Windows 16 GB 
PP Server 2016 
High Availability Debian 4 GB 10 GB 
Gateways 


Office-to-office VPN 


A cross-premises Azure virtual network allows your virtual machines in Azure to directly access resources on your 
on-premise network. For example, a DirSync server running on an Azure VM needs to query your on-premise domain 
controllers for changes to accounts and synchronize those changes with your Office 365% subscription. 


Microsoft Azure provides this knowledge base article on how to connect an on-premise network to existing Azure 
infrastructure. 


All-Azure Deployment 


Leveraging Microsoft Azure capabilities, Remote Application Server supports the use case in which backend services 
such as Active Directory are deployed either on premise or using Azure. Therefore, Microsoft Office 365, Azure AD, and 
SQL server mixed with Federation Services are supported. Parallels Remote Application Server hosted on Azure consists 
of a small number of components: 


e Publishing Agent (Controller) 

e Hosted Shared Workers (Session Isolation) 

e Server VDI Workers (VM/Server Isolation) 

e Azure Active Directory Services 

e An Azure Local SQL Server VM Instance (for reporting) 


NOTE: All roles are supported in Azure, and the final architecture may vary depending on how much Azure will be utilized. 
Additional information about Remote Application Server requirements can be found in the Solution Guide. 
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Allin Azure 


Azure 

` IE \ 
! Ké EN 
l \ ~ 
I \ moai. ETS E 
| Azure SCG A Ba 

O | ` Backup PA 

—-T- __ +060. J Ces, ra RDS Host 
NX I \ J 
O H PA Load Balancer 


ls] t á 
I K Z 
: Lge Master PA 
I Vë Ié 
I y 
| PC | ve iO i 
Radius 


Primary 


Z 


Server Components 


Master Publishing Agent 


Component Installed Installation Method 


Parallels Publishing Agent Windows Installer (standard installation) 


Backup Publishing Agent 
Component Installed Installation Method 


Parallels Publishing Agent Push installation 


Primary Parallels Secure Client Gateway 
Component Installed Installation Method 


Parallels Secure Client Gateway, Push installation 
including HTML5 Gateway 
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Parallels Secure Client Gateway, Push installation 
including HTML5 Gateway 


Secondary Parallels Secure Client Gateway 
Component Installed Installation Method 


Microsoft Remote Desktop Services Server 
Component Installed Installation Method 


Parallels Terminal Server Agent Push installation 


Parallels VDI Agent Push installation or 
Parallels Guest Agent Virtual Appliance 


Hypervisor Host with VDI Desktops 
VDI Component Installed Installation Method 


High Availability and Load Balancing Virtual Appliance 
Component Installed Installation Method 


Ready-to-use virtual appliance Virtual Appliance 


Azure Marketplace Virtual Machine Templates 


With the infrastructure requirements completed, Parallels Remote Application Server VMs can be deployed. There are 
two approaches: 


e Virtual Machine Templates from Azure Marketplace (preferred method) 

e Deploy Windows Server Datacenter instances in Azure, and push Remote Application Server components. If this 
method is used, we recommend following Remote Application Server documentation, YouTube videos, or the 
Solution Guide. 


To deploy Remote Application Server using the trial image, go to this section of the document. 


Once selected VMs are deployed in Azure or an on-premise datacenter, you must connect them from the Remote 
Application Server Publishing Agent. 
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Configuring Parallels RAS Between Networks 


When using a site-to-site VPN, both on-premise networks and Azure networks are integrated. The same steps are used 
to add Publishing Agents, Gateways, and Terminal Servers (RDS). If the Publishing Agent(s) is(are) already deployed on 
premise, start adding a new RAS from this server. 


Remote Application Server provides wizards for deployment or configuration. These wizards should be started from the 
main console: 


Add Terminal Servers 
Start with this step to setup Windows Terminal Servers from which applications will be published. 


Publish Applications 
Select which applications you want to publish to your users. 


(ERT 


Invite Users 
= Send emails with instructions on how to download and configure Parallels Client. Users will be able 
to deploy the published applications assigned to them. 


Once the initial deployment is completed, new roles can be added from the Farm menu: 


{Est Modification By Changed On Created By 
O verified vfiss@demo Sun Nov 27 12:2... Publishing Agent d 
vfiss@demo Sun Nov 27 12:2... _ vfiss@demo Wed Nov 23 14:... 


10.115 


PA Add an SSL certificate and enable HTMLS Gateway 
F] Add Frewall Rules 


Once the deployment is completed (or functional), the farm configuration will be displayed in the Farm > Designer Menu: 
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Ei Farm - RASDEMOO1 Designer 


E Site - RASDEMOO1 


[E] Terminal Server [101] VOI Host [FC] Remote PC [F] Gateway [i] Publishing Agent | (EI Print [7] Full Screen 


Terminal Servers 


VDI Hosts | | Parallels” 


Remote Clients 


Component: Terminal Servers 


rasderasde 


For additional information on how to deploy these roles, refer to the Parallels Knowledge Base or Administration Guide, or 
consult the Parallels Partners or Sales teams. 


Azure Network Configuration for Inbound Traffic 


You can use a network security group (NSG) to control traffic to one or more VMs, role instances, network adapters 


(NICs), or subnets in your virtual network. An NSG contains access control rules that allow or deny traffic based on traffic 
direction, protocol, source address and port, and destination address and port. The rules of an NSG can be changed at 
any time, and changes are applied to all associated instances. 


Network Security Groups for Internet Inbound Traffic 


Create a new security group for RAS, such as “RAS Farm”, in the datacenter in which you have RAS deployed. 


|| Parallels 


\ _ Network security groups (classic) 


x 


Shift+Space to toggle favorites 


& Local network gateways 


E Network interfaces 


a Network security groups (classic) 
& Virtual network gateways 
<> Virtual networks * 


<> Virtual networks (classic) 
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* Name 


RAS Y 


* Subscription 


Pay-As-You-Go Dev/Test v 


* Resource group O 
) Create new O) Use existing 


Demo v 


* Location 


|Eastus "lw 


Create the following inbound rules: 


Inbound security rules 


= Add 22 Default rules 


Search inbound security rules 


PRIORITY NAME SOURCE DESTINATION SERVICE ACTION 
100 Gateway_Redirect Any Any HTTP (TCP/80) Allow 
110 Gateway_SSL Any Any HTTPS (TCP/443) Allow 
120 Client_Management Any Any Custom (TCP/20009) Allow 


Note: If RDP access is necessary, add another inbound rule for port 3389 and/or other ports used. It is not 
recommended to have the RDP port open. 


The new network security rule is not assigned to any VM or resources. The next step is to assign the new rule to Remote 
Application Server VMs. 


Assign Firewall Rules to RAS Subnet and Virtual Machines 
Virtual Network Configuration 


Go to Azure Menu > Virtual networks 


Lei App Services 
5% SQL databases 
NoSQL (DocumentDB) 


Virtual machines 


Load balancers 


Storage accounts 


Virtual networks 


17 
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Select the Virtual networks > Subnets > Security group: 


Virtual networks Demovnet880 - Subnets 
td Add == Columns U Refresh + Subnet + Gateway subnet 
Filter items... NAME ^ ADDRESSRANGE ^ AVAILABLE ADDR... “ SECURITY GROUP ^ 
All subscriptions v zéi Access control (IAM) 
default 10.1.1.0/24 248 
NAME @ Tags 


<-> Demo-vnet 
SETTINGS 


<-> Demovnet602 
Address space 


<> Demovnet880 ... 


4» Connected devices 


<> Templates-vnet ... 
á 


fe MNAC saniar 


Replace your default security rule with “RAS”: 


* Address range (CIDR block) @ 


[19110/ J These are the network security groups in the selected subscription and location ‘East 
10.1.1.0 - 10.1.1.255 (256 addresses) us’. 


Available addresses @ 


y None 


248 
Network security group à à RAS 
None eastus 


Route table Rasdemo01nsg514 
None > eastus 
Rasdemo02nsg888 
Users 
> eastus 


Manage users 
RASDemoDC-nsg 


eastus 


HALB or Gateway Virtual Machine Security Group Configuration 


Go to Azure Menu > Virtual machines: 


App Services 


SQL databases 


NoSQL (DocumentDB) 


Virtual machines 


Load balancers 
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Select either HALB or Gateway Virtual Machine(s) > Network interfaces > Select network interface: 


Subscriptions: A! 2 selected D Search (Ctrl+/) Search network interfaces 
Filter items PUBLIC IP ADORE.. ^ PRIVATE IP ADDR.. ^ SECURITY GROUP ^ 
D Overview 
All subscriptions {v 
rasdemo01300 40.76.54.34 10.1.1.5 Rasdemo0Insg514 =... 

NAME BR Activity log 

D RASallinone wee zë Access control (IAM) 
= tá = 

"= È< Diagnose and solve problems 


D RASDemoDC ZER SETTINGS 


EA rascw ... I! Availability set 
EA Rasra 
EA rasts 


Œ Disks 
EI Extensions 
E Network interfaces 


Select Network security group > Edit: 


Search network interfaces P |Search (Ctrl+/) letwork security group 


lemo01nsg514 
NAME e PUBLIC IP ADDRE.. ^ PRIVATE IP ADDR... ^ SECURITY GROUP. ^ 9 


B Overview 
rasdemo01300 40.76.54.34 10.1.1.5 Rasdemo01nsg514 `... 
Ed Activity log 


PA Access control (IAM) 


@ Tags 


SETTINGS 


E |P configurations 


Pa DNS servers 


(Y Network security group 


"17 Properties 


Change existing security group to “RAS”: 


Hl Save = X Discard 


Network security group > 
RAS These are the network security 
groups in the selected subscription 


and location ‘East US’. 


None 


RAS 
Demo 


Rasdemo01nsg514 
Demo 


Rasdemo02nsg888 
Demo 


RASDemoDC-nsg 
Demo 


ei ei ajeje B 


Click Save and restart the VM. 
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Security Rules Test and Access Using Azure 


From your local browser and VMs, up connect to https://your Azure IP addr or hostname/RASHTML5Gateway. 


| Parallels Jownload Clien SS English 


Log in to DEMO2 


| demo@lab| cy | 


If the page is not open, check routing rules in Parallels Desktop and/or pfsense. Another test option is to open Terminal 
and run a telnet to localhost on port 443. The result should be: 


Last login: Thu Nov 24 15:06:42 on ttys000 
[MBP-1276s-MacBook-Pro:^ Victor$ telnet 40.76.54.34 443 
Trying 40.76.54.34... 

Connected to 40.76.54.34. 

Escape character is '”]', 


Best Practices 


These optimizations are available in Remote Application Server VM templates in Azure Marketplace, and the following 
steps are for either custom VM or on-premise deployments. 


Remote Desktop/Terminal Server Performance Settings 
The default Windows performance settings are intended for general purpose servers. In order to maximize application 
or desktop hosting server performance, the default Windows performance settings should be adjusted on Windows 


Remote Desktop/Terminal Servers. 


From the Control Panel, go to System and click on Advanced System Settings. Under the Advanced tab on the System 
Properties dialog box, click on Settings... under the Performance section. 


Performance Options Settings 


Under the Visual Effects tab from the Performance Options dialog box, change the setting to “Adjust for best 
performance.” 


If a specific application has a custom setting recommendation, that approach should be used instead, but in general, 
“Adjust for best performance” will provide the best overall performance in a Parallels RAS environment. 
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System Properties Lx | 


Computer Name | Hardware Advanced | Remote 


Visual Effects | Advanced | Data Execution Prevention 


You must be logged on as an Administrator to make most of these changes. 


Select the settings you want to use for the appearance and 


Fe performance of Windows on this computer. 


Visual effects, processor scheduling, memory usage, and virtual memory 
O Let Windows choose what's best for my computer 


© Adjust for best appearance 
@ Adjust for best performance 
User Profiles O Custom: 


Desktop settings related to your signin Animate controls and elements inside windows 
Animate windows when minimizing and maximizing 
Settings... Animations in the taskbar 
Enable Peek 
Startup and Recovery d Fade or slide menus into view 
á SR a Fade or slide ToolTips into view 
System startup, system failure, and debugging information Fade qut mera eos after Giang 
Save taskbar thumbnail previews 
Show shadows under mouse pointer 
Show shadows under windows 
Show thumbnails instead of icons 
Show translucent selection rectangle 
Show window contents while dragging 
Slide open combo boxes 
Smooth edges of screen fonts 
Smooth-scroll list boxes 
Use drop shadows for icon labels on the desktop 


See also 


Action Center 


Windows Update 


Windows Paging File Settings 


Set the Windows paging file to twice the amount of RAM. For heavier workloads, a paging file of three times the amount 
of physical memory might be required. 


Microsoft Windows page files start small by default and grow as necessary. However, as the system ramps up to 
intended capacity, dynamic page file growth can result in a fragmented page file, so it is best to set a fixed page file size 


up front. 


Typically, page file settings are configured when the server is first installed. However, if the server has been in production 
for a while, Parallels recommends optimizing and defragmenting the drive prior to setting the following paging options. 


In the example below, the server has 8 GB of RAM. 


anage | 
Paging file size For each drive 


2) Custom size: 
Init 16384 


16384 
System managed size 


No paging file 


Total paging file size For all drives 
Minimum allowed: 16 MB 
Recommended: 4607 MB 
Currently allocated: 1280 MB 


[œ ][ om ] 
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A. Notice that Microsoft set the paging file size at 1280 MB, but the recommended size is 4607 MB. 


D We are going to double the size, and it will use a new page file that will be in one location on the disk. The number 
should be 16384. 8 GB in a block of 8192 x2 = 16384. 


C. You will need enough free disk space in order to set this. 
RemoteF X 


RemoteFX® is a set of Microsoft Windows technologies that greatly enhances the end user visual and performance 
experience over the RDP protocol. It is available in Windows Server 2008 R2 SP1 and later. Windows 7 was the 
first client-side operating system to support RemoteFX. Both the client and server versions must be able to support 
RemoteFX in order for these enhancements to take effect. 


Although RAS supports earlier versions of Windows Server, certain performance capabilities will not be available in 
older Windows operating systems. RemoteFX has been improved with subsequent releases of Windows. The best 
performance will always occur when running the latest server version of Microsoft Windows being accessed from the 
latest workstation version. Older versions of Windows can connect with newer versions (e.g., Windows XP to Windows 
2012 R2 or Windows 10 to Windows 2003), and while this might be acceptable for certain workloads, RemoteFX 
capabilities will not be available. 


Parallels RAS supports RemoteFX on the following clients: Parallels Windows Clients for Windows 7 SP1 and higher, 
Mac® clients, iOS, Android™, Linux®, and the ChromeApp for Chromebook™. 


Enable RemoteFX Using Group Policy 


RemoteFX is enabled on Windows systems using Group Policy. If using local Group Policy settings, these settings must 
be completed on every Terminal Server/Remote PC/VDI Guest in the RAS farm. RemoteFX can also be configured 
centrally in Active Directory environments using Group Policy at the Domain level. This guide describes the process for 
enabling local Group Policy settings. 


Hint: To edit local Group Policy, from the Windows Run command, type GPEDIT.MSC. Once the Group Policy settings 
are completed, run GPUPDATE /FORCE from the Run command to apply them. 


RemoteFX settings for Server 2012 and 2012 R2 


1. Enable and disable the following options with gpedit.msc on all erminal servers in your farm. This must also be 
completed on all virtual PC VDI systems that support RemoteFX 


2. Under Local Computer Policy > Computer Configurations > Administrative Templates > Windows Components > 
Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment, enable and disable the 
following: 


a. Use Advanced RemoteFX graphics for RemoteApp 
i. Enabled > Set to “Optimize to use less network bandwidth” 
b. Configure compression for RemoteFX dat 
i. Enabled > Optimize to use less network bandwidth 
c. Configure image quality for RemoteFX Adaptive Graphics 
i. Enabled > Set to Medium 
d. RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1 
i. Enabled 
e. Configure RemoteFX Adaptive Graphics 
i. Enabled > Let the system choose the experience for network conditions 
f. Allow Desktop Composition for remote desktop sessions 
i. Enabled 
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RemoteFX Settings for Windows Workstations Running Remote PC Agents and VDI Agents 
1. RemoteFX Settings for Windows 7 SP1 


a. Enable and disable the following options with gpedit.msc virtual PC VDI systems that support RemoteFX: 
Under Local Computer Policy, Computer Configurations, open Administrative Templates, Windows Components, 
Remote Desktop Services. Open Remote Desktop Session Host. Then open Remote Session Environment. 

b. Under Remote Session Environment, enable and disable the following: 


Settin State Comment 
=] Limit maximum color depth Not configured No 
[2] Enforce Removal of Remote Desktop Wallpaper Not configured No 
=] Configure RemoteFX Enabled No 
=] Limit maximum display resolution Not configured No 
2) Limit maximum number of monitors Not configured No 
=] Remove "Disconnect" option from Shut Down dialog Not configured No 
l=] Remove Windows Security item From Start menu Not configured No 
=] Optimize visual experience when using RemoteFx Enabled No 
Set compression algorithm for RDP data Enabled 
=] Optimize visual experience for Remote Desktop Services sessions Enabled No 
(=, Start a program on connection Not configured No 
LE) Always show desktop on connection Not configured No 


c. Configure RemoteFX 
i. Enabled 
d. Optimize visual experience when using RemoteFX 
i. Enabled 
ii. Medium Default 
e. Set compression algorithm for RDP data 
i. Enabled 
ii. Optimize to use less network bandwidth 
f. Optimize visual experience for Remote Desktop Services sessions 
i. Enabled 
ii. Rich Multimedia 
g. Configure image quality for RemoteFX Adaptive Graphics (Image Quality set to Medium) 
i. Enabled 
ii. Configure RemoteFX Adaptive Graphics (Let the system choose experience for network conditions.) 
h. Use advanced RemoteFX graphics for RemoteApp 
i. Enabled 
i. Configure compression for RemoteFX data 
i. Enabled 
ii. Optimize to use less network bandwidth 
j. Configure image quality for RemoteFX Adaptive Graphics. 
i. Enabled 
ii. Medium 
k. Configure RemoteFX Adaptive Graphics 
i. Enabled (Let the system choose the experience for network conditions.) 
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Remote FX USB Redirection, Audio Redirection, and Time Zone Redirection 
RemoteFX USB Redirection 


In order to get some Point of Sale / USB scanning devices to work properly with Windows 2008 R2 and higher, you must 
enable RemoteFX USB redirection. 


Make sure that you set RemoteFX USB Redirection Access Rights to Administrators and Users. This is configured within 
Group Policy using GPEDIT.MSC: 


Local Computer Policy > Computer Configurations > Administrative Templates > Windows Components > Remote 
Desktop Services > Remote Desktop Session Host > Remote Desktop Connection Client: 


a [ Remote Desktop Services 
Md RD Licensing 
a [| Remote Desktop Connection Client 
C RemoteFX USB Device Redirection 
> LZ Remote Desktop Session Host 


For additional information, see this KB article from Microsoft. 


Setting State Comment 

Allow RDP redirection of other supported RemoteFX USB de... Enabled No 
® Allow RDP redirection of other supported RemoteFX USB devices from this computer = H 
E Allow RDP redirection of other supported RemoteFX USB devices from this computer 


Previous Setting Next Setting 


O Not Configured Comment: 


@ Enabled 
O Disabled 
Supported on: ` At least Windows 7 with Service Pack 1 or Windows Server 2008 R2 with Service 
Pack 1 

Options: Help: 

RemoteFX USB Redirection Access Rights This policy setting allows you to permit RDP redirection of other 

supported RemoteFX USB devices from this computer. 
| Adminstrators and Users y Redirected RemoteFX USB devices will not be available for local 
` d usage on this computer. 


If you enable this policy setting, you can choose to give the 
ability to redirect other supported RemoteFX USB devices over 
RDP to all users or only to users who are in the Administrators 
group on the computer. 


If you disable or do not configure this policy setting, other 
supported RemoteFX USB devices are not available for RDP 
redirection by using any user account. 


For this change to take effect, you must restart Windows. 
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Enable Audio / Recording Redirection 


In order to allow audio / recording redirection, first enable remote audio using the server’s playback device, and then 
enable these functions using group policy via gpedit.msc. 


The Terminal Servers do not need a sound card to do this. 
Enable the sound option on all Terminal Servers: 


a. Simply right-click the server’s sound icon in the Windows system tray. You will then be prompted to enable 
remote audio. 


E Sound 


Select a playback device below to modify its settings: 


© Remote Audio 
I 
Lë Default Device 


Configure Set Default lv Properties 
[ œ ][ coma | zem 


Run gpedit.msc and enable the sound redirection options. Local Computer Policy > Computer Configurations > 
Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > 
Device and Resource Redirection: 


4 [7] Remote Desktop Services 
D) RD Licensing 

4 [Ü] Remote Desktop Connection Client 
E RemoteFX USB Device Redirection 

4 [Ü] Remote Desktop Session Host 
E Application Compatibility 
E Connections 
MA Licensing 
©) Printer Redirection 
© Profiles 
E RD Connection Broker 

>» ZÏ Remote Session Environment 

(5) Security 
E Session Time Limits 
E Temporary folders 
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b. Allow audio and video playback redirection 


i. Enabled 

c. Allow audio recording redirection 
i. Enabled 

d. Limit audio playback quality 
i. Enabled 


ii. Set to “Dynamic” 


Setting State Comment 

[=| Allow audio and video playback redirection Enabled No 

[=| Allow audio recording redirection Enabled No 

[=| Limit audio playback quality Enabled No 

|) Do not allow Clipboard redirection Not configured No 

(| Do not allow COM port redirection Not configured No 

(=| Do not allow drive redirection Not configured No 

(| Do not allow LPT port redirection Not configured No 

|E] Do not allow supported Plug and Play device redirection Not configured No 

[| Do not allow smart card device redirection Not configured No 

[Allow time one edredon bled No) 

A Limit audio playback quality =. 


Ej Limit audio playback quality "EE Ten Setting 


© Not Configured Comment: 
@ Enabled 
O Disabled a | 
Supported on: At least Windows Server 2008 R2 or Windows 7 
Options: Help: 


This policy setting allows you to limit the audio playback quality | ^ 
for a Remote Desktop Services session. Limiting the quality of 
audio playback can improve connection performance, 


Audio Quality |Dynamic 


particularly over slow links. 


Time Zone Redirection 


If you have users that login from different time zones, you may want to enable this setting. This setting will redirect the 
local time to the app, remote PC, or VM. Time Zone Redirection is configured in the same Group Policy location as 


Audio Redirection: 


Local Computer Policy > Computer Configurations > Administrative Templates > Windows Components > Remote 
Desktop Services > Remote Desktop Session Host > Remote Desktop Session Host > Device and Resource Redirection 
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Ensure That Desktop Experience Is Installed on All Terminal Servers 


When a user connects to the Parallels RAS server, the desktop that exists on the RD Session Host server is reproduced, 
by default, in the remote session. To make the remote session look and feel more like the user’s local Windows desktop 
experience, install the Desktop Experience feature on an RD Session Host server that is running Windows Server 2008 
R2, Windows 2012, or Windows 2012 R2. This also makes the graphics look better using the Windows aero theme once 
the Desktop Experience feature is installed. 


Desktop Experience is a feature that you can install from Server Manager. 


DESTINATION SERVER 
DPA-12 2xu8.com 


Select one or more features to install on the selected server. 


Features Description 


KA mmer "rang Desktop Experience includes 

O Simple TCP/IP Services features of Windows 8,1, including 

Windows Search. Windows Search 

lets you search your device and the 


Y 


O SMB Bandwidth Limit Internet from one place. To learn 
(O SMTP Server more about Desktop Experience, 
O SNMP Service including how to disable web results 
< from Windows Search, read http:// 
O Telnet Client go.microsoft.com/fwlink/? 
] Telnet Server Linkid=390729 
O TFTP Client 
4 Y tert. 


C Windows Biometric Framework 
C Windows Feedback Forwarder 


< "m 


Once enabled, you will notice the apps have better graphics, and if you publish a remote desktop for a user to use, it will 
look more like an actual desktop workstation. This will allow the user to personalize the remote desktop. 


Windows Server 2016 Specific Group Policies 


In Windows Server 2016, a few GPOs were moved, and Windows Server 2008 R2 backward compatibility was split in 
another folder’s structure. Essentially, the GPOs folder is: 


Local Computer Policy > Computer Configurations > Administrative Templates > Windows Components > Remote 
Desktop Services > Remote Desktop Session Host > Remote Desktop Session Host > 


Make sure the following GPOs marked as “Not Configured” are changed to Enabled: 
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> M Event Log Service 
©) Event Logging 
©) Event Viewer 
> DD File Explorer 
© File History 
©) Game Explorer 
E HomeGroup 
> El Internet Explorer 
E] Internet Information Services 
> © Location and Sensors 
©) Maintenance Scheduler 
E] Maps 
E MDM 
M Microsoft Secondary Authentication Factor 
> E Microsoft User Experience Virtualization 
[Él NetMeeting 
© OneDrive 
© Online Assistance 
©) Portable Operating System 
E Presentation Settings 
v M Remote Desktop Services 
E RD Licensing 
> TÍ Remote Desktop Connection Client 
v M Remote Desktop Session Host 
E Application Compatibility 


> © Event Log Service 
E Event Logging 
© Event Viewer 
> © File Explorer 
[Él File History 
E Game Explorer 
E HomeGroup 
> E Internet Explorer 
[E] Internet Information Services 
> © Location and Sensors 
© Maintenance Scheduler 
E Maps 
E mom 
© Microsoft Secondary Authentication Factor 
> M Microsoft User Experience Virtualization ` 
E] NetMeeting ) 
E OneDrive 
E Online Assistance | 
M Portable Operating System 
E Presentation Settings l 
v [lll Remote Desktop Services | 
EI RD Licensing | 
> El Remote Desktop Connection Client e 
v M Remote Desktop Session Host 
E Application Compatibility 
M Connections 
M Device and Resource Redirection 
© Licensing 
El Printer Redirection 
© Profiles 


@ Security 
M Session Time Limits v 


|| Parallels 


Device and Resource Redirection 


Configure image quality for 
RemoteFX Adaptive Graphics 


Edit policy setting 


Requirements: 
At least Windows Server 2012, 
Windows 8 or Windows RT 


Description: 

This policy setting allows you to 
specify the visual quality for 
remote users when connecting to 
this computer by using Remote 
Desktop Connection. You can use 
this policy setting to balance the 
network bandwidth usage with 
the visual quality that is delivered. 

If you enable this policy setting 
and set quality to Low, RemoteFX 
Adaptive Graphics uses an 
encoding mechanism that results 
in low quality images. This mode 
consumes the lowest amount of 
network bandwidth of the quality 
modes. 

If you enable this policy setting 
and set quality to Medium, 
RemoteFX Adaptive Graphics uses 
an encoding mechanism that 
results in medium quality images. 
This mode provides better 
graphics quality than low quality 
and uses less bandwidth than high 
quality. 

If you enable this policy setting 
and set quality to High, RemoteFX 
Adaptive Graphics uses an 


Select an item to view its description. 


iz] Allow audio and video playback redirection 


LE) Do not allow drive redirection 
[E] Do not allow LPT port redirection 


Do not allow smart card device redirection 
Allow time zone redirection 


Setting 
EE RemoteFX for Windows Server 2008 R2 


` [E] Remove "Disconnect" option from Shut Down dialog 


lemove Windows Security iter 


Prioritize H.264/AVC 444 graphics mode for Remote Desktop... 


=| Configure H.264/AVC hardware encoding for Remote Deckt. 


llow desktop composition for remote desktop sessions 
(E) Do not allow font smoothing 


K 


encoding mechanism that results W 


in hinh malihe imanar and 


Set “Configure image quality for RemoteFX Adaptive Graphics” to Medium: 


Azure Reference Architecture & Design Guide 


Do not allow supported Plug and Play device redirection 


Comment 


MAARA 5 N 


28 


® Configure image quality for RemoteFX Adaptive Graphics o x 


O Not Configured Comment: 
@ Enabled 
O Disabled 
=` 


Help: 


This policy setting allows you to specify the visual quality for 
remote users when connecting to this computer by using 
Remote Desktop Connection. You can use this policy setting to 
balance the network bandwidth usage with the visual quality that 
is delivered. 

If you enable this policy setting and set quality to Low, 
results in low quality images. This mode consumes the lowest 
amount of network bandwidth of the quality modes. 

If you enable this policy setting and set quality to Medium, 
RemoteFX Adaptive Graphics uses an encoding mechanism that 
results in medium quality images. This mode provides better 
graphics quality than low quality and uses less bandwidth than 
high quality. 

If you enable this policy setting and set quality to High, 
RemoteFX Adaptive Graphics uses an encoding mechanism that 
results in high quality images and consumes moderate network 
bandwidth. 

If you enable this policy setting and set quality to Lossless, 
RemoteFX Adaptive Graphics uses lossless encoding. In this 
mode, the color integrity of the graphics data is not impacted. 


Windows 2008 R2 RemoteFX Compatibility 


> M Event Log Service A 
E Event Logging 
© Event Viewer 
> © File Explorer 
I File History 
E Game Explorer 
E] HomeGroup 
> El Internet Explorer 
M Internet Information Services 
> © Location and Sensors 
©) Maintenance Scheduler 
E Maps 
E MOM 
D Microsoft Secondary Authentication Factor 
> ZI Microsoft User Experience Virtualization 
[Él NetMeeting 
©) OneDrive 
©) Online Assistance 
©) Portable Operating System 
E Presentation Settings 
v T Remote Desktop Services 
E RD Licensing 
> M Remote Desktop Connection Client 
v [M] Remote Desktop Session Host 
El Application Compatibility 
© Connections 
©) Device and Resource Redirection 
M Licensing 
© Printer Redirection 
© Profiles 
© RD Connection Broker 


18 E 
a 4 
a 


2 BN 


Select an item to view its description. Gd 
li] Configure RemoteFX Enabled 
= Optimize visual experienc vhe ig Re iOte T 


= El V en USI O O ¡gured 
|E] Optimize visual ience for Remote Desktop Service Sessi... Not configured 


v 
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® Require use of specific security layer for remote (RDP) connections 


FE] Require use of specific security layer for remote (RDP) connections 


O Not Configured Comment: 
@ Enabled 
O Disabled v 


Supported on: | at least Windows Vista ^ 


Choose the security layer from the drop-down list. and RD Session Host servers during Remote Desktop Protocol 
(RDP) connections. 


If you enable this policy setting, all communications between 


following security methods are available: 


* Negotiate: The Negotiate method enforces the most secure 
method that is supported by the client. If Transport Layer 
Security (TLS) version 1.0 is supported, it is used to authenticate 
the RD Session Host server. If TLS is not supported, native 
Remote Desktop Protocol (RDP) encryption is used to secure 
communications, but the RD Session Host server is not 
authenticated. Native RDP encryption (as opposed to SSL 
encryption) is not recommended. 


* RDP: The RDP method uses native RDP encryption to secure 
communications between the client and RD Session Host server. 


RDP Security 


> lM] Event Log dervice A 
©) Event Logging 
E] Event Viewer 
> [El File Explorer 
©) File History 
©) Game Explorer 
E HomeGroup 
> El Internet Explorer 
El Internet Information Services 
> © Location and Sensors 
©) Maintenance Scheduler 
Œ Maps 
© MDM 
M Microsoft Secondary Authentication Factor 
> T Microsoft User Experience Virtualization 
E NetMeeting 
E] OneDrive 
El Online Assistance 
©) Portable Operating System 
©) Presentation Settings 
v M Remote Desktop Services 
©) RD Licensing 
> © Remote Desktop Connection Client 
v M Remote Desktop Session Host 
Œ Application Compatibility 
©) Connections 
M) Device and Resource Redirecti 
M Licensing 
©) Printer Redirection 


Select an item to view its description. Setting State 

5) Server authentication certificate template Not configured 
l] Set client connection encryption level Not configured 
eg a aor eme raat 


lE] Require user authentication for remote connections by usin... Not configured 
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Skype for Business in Azure 


To allow audio and video playback when connecting to a computer running Windows Server 2008 R2, you must 
enable the Allow audio and video playback redirection Group Policy setting. The Allow audio and video playback 
redirection Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows 
Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection and 
can be configured by using either Local Group Policy Editor or the Group Policy Management Console (GPMC). 


I Local Group Policy Editor 
File Action View Help 


KE ZEKARI KA: 


eens ^ | Device and Resource Redirection = 
— ra a Select an item to view its description. Setting State A 
El Portable Operating System ¿[Allow audio and video playback redirection Enabled No 
= Presentation Settings E; Allow audio recording redirection Not configured No 
w D Remote Desktop Services E) Limit audio playback quality Not configured No 
M RD Licensing 17 Do not allow Clipboard redirection Not configured No 
E] Remote Desktop Connecti 3] Do not allow COM port redirection Not configured No 
w D] Remote Desktop Session H +) Do not allow drive redirection Not configured No 
E Application Compatibi E) Do not allow LPT port redirection Not configured No 
3 Connections 1.) Do not allow supported Plug and Play device redirection Not configured No 
1 Device and Resource R 1 Do not allow smart card device redirection Not configured No 
E Licensing ï, Allow time zone redirection Not configured No 
DD Printer Redirection 
1D Profiles 
T RD Connection Broker 
E Gg 


Windows Licenses and RDS Client Access Licenses (CALs) 


Parallels does not resell Microsoft licenses, and Windows licenses and RDS licenses are running in trial mode. It is highly 
recommended to replace these licenses as soon as possible. In a typical deployment, the following licenses are required: 


Description On Premise 


License needs to be added to 
the final cost 


Remote Desktop Server CAL Not included Not included 


Microsoft Windows Server CAL Included in Azure deployment 


Microsoft SPLA Enterprise License count 
Parallels Remote Application Server Not included Not included 
Microsoft SQL Server Express 
FREE 
(advanced features) 


References 
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